diff --git a/CHANGES b/CHANGES index b2f74e7..98d4e56 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +0.1.21 (2014-06-05) + - new flag -b: generate prefix-filters for BIRD (http://bird.network.cz), + contributed by Job Snijders. + 0.1.20-todo2 (2014-05-01) - new flag -r , allowing bgpq to generate limited set of more-specific routes - only routes with prefix-length >= are accepted. diff --git a/Makefile.in b/Makefile.in index 46d77b0..6c59311 100644 --- a/Makefile.in +++ b/Makefile.in @@ -37,5 +37,5 @@ install: bgpq3 depend: makedepend -- $(CFLAGS) -- $(SRCS) -bgpq3.html: README.md - markdown2 README.md > bgpq3.html +bgpq3.html: readme.header README.md + cat readme.header README.md | @MARKDOWN@ > bgpq3.html diff --git a/bgpq3.8 b/bgpq3.8 index bdbcc36..0da7085 100644 --- a/bgpq3.8 +++ b/bgpq3.8 @@ -37,7 +37,7 @@ .Fl f Ar asn | .Fl G Ar asn .Oc -.Op Fl 346ADdJjX +.Op Fl 346AbDdJjX .Op Fl r Ar len .Op Fl R Ar len .Op Fl m Ar max diff --git a/bgpq3.c b/bgpq3.c index d27f8fb..91e35d3 100644 --- a/bgpq3.c +++ b/bgpq3.c @@ -148,7 +148,8 @@ main(int argc, char* argv[]) if(aggregate) debug_aggregation++; aggregate=1; break; - case 'b': if(expander.vendor) vendor_exclusive(); + case 'b': + if(expander.vendor) vendor_exclusive(); expander.vendor=V_BIRD; break; case 'd': debug_expander++; diff --git a/bgpq3.html b/bgpq3.html index 9742c29..3674917 100644 --- a/bgpq3.html +++ b/bgpq3.html @@ -1,142 +1,182 @@ -

-

+ +

NAME

-

bgpq3 - bgp filtering automation for Cisco and Juniper routers

-

SYNOPSIS

- -
bgpq3 [-h host] [-S sources] [-EP] [-f asn | -G asn] [-36ADdJjX] [-R len] [-m max] OBJECTS [...]
+
bgpq3 [-h host] [-S sources] [-EP] [-f asn | -G asn] [-346ADdJjX] [-r len] [-R len] [-m max] OBJECTS [...]
 
-

DESCRIPTION

-

The bgpq3 utility used to generate Cisco and Juniper prefix-lists, extended access-lists, policy-statement terms and as-path lists based on RADB data.

-

The options are as follows:

-
    -
  • -3

    - +
  • +

    -3
    +

    -

    assume that your device is asn32-capable.

    -
  • -
  • -6

    - +

    assume that your device is asn32-capable.

    + +
  • +
  • +

    -4

    -

    generate IPv6 prefix/access-lists (IPv4 by default).

    -
  • -
  • -A

    - +

    generate IPv4 prefix/access-lists (default).

    + +
  • +
  • +

    -6
    +

    -

    try to aggregate generated filters as much as possible (not all - output formats supported).

    -
  • -
  • -d

    - +

    generate IPv6 prefix/access-lists (IPv4 by default).

    + +
  • +
  • +

    -A
    +

    -

    enable some debugging output.

    -
  • -
  • -D

    - +

    try to aggregate generated filters as much as possible (not all +output formats supported).

    + +
  • +
  • +

    -b

    -

    use asdot notation for Cisco as-path access-lists.

    -
  • -
  • -E

    - +

    generate output in BIRD format (default: Cisco).

    + +
  • +
  • +

    -d
    +

    -

    generate extended access-list (Cisco) or policy-statement term using - route-filters (Juniper).

    -
  • -
  • -f number

    - +

    enable some debugging output.

    + +
  • +
  • +

    -D
    +

    -

    generate input as-path access-list.

    -
  • -
  • -G number

    - +

    use asdot notation for Cisco as-path access-lists.

    + +
  • +
  • +

    -E
    +

    -

    generate output as-path access-list.

    -
  • -
  • -h host

    - +

    generate extended access-list (Cisco) or policy-statement term using +route-filters (Juniper).

    + +
  • +
  • +

    -f number

    -

    host running IRRD database (default: whois.radb.net).

    -
  • -
  • -J

    - +

    generate input as-path access-list.

    + +
  • +
  • +

    -G number

    -

    generate config for Juniper (default: Cisco).

    -
  • -
  • -j

    - +

    generate output as-path access-list.

    + +
  • +
  • +

    -h host

    -

    generate output in JSON format (default: Cisco).

    -
  • -
  • -m len

    - +

    host running IRRD database (default: whois.radb.net).

    + +
  • +
  • +

    -J
    +

    -

    maximum length of accepted prefixes (default: 32 for IPv4, 128 for IPv6).

    -
  • -
  • -M match

    - +

    generate config for Juniper (default: Cisco).

    + +
  • +
  • +

    -j
    +

    -

    extra match conditions for Juniper route-filters.

    -
  • -
  • -l name

    - +

    generate output in JSON format (default: Cisco).

    + +
  • +
  • +

    -m len
    +

    -

    name of generated entry.

    -
  • -
  • -P

    - +

    maximum length of accepted prefixes (default: 32 for IPv4, 128 for IPv6).

    + +
  • +
  • +

    -M match

    -

    generate prefix-list (default behaviour, flag added for backward - compatibility only).

    -
  • -
  • -R len

    - +

    extra match conditions for Juniper route-filters.

    + +
  • +
  • +

    -l name

    -

    allow more-specific routes up to specified masklen too. - (Please, note: objects with prefix-length greater than specified length - will be always allowed.)

    -
  • -
  • -S sources

    - +

    name of generated entry.

    + +
  • +
  • +

    -P
    +

    -

    use specified sources only (default: RADB,RIPE,APNIC).

    -
  • -
  • -T

    - +

    generate prefix-list (default behaviour, flag added for backward +compatibility only).

    + +
  • +
  • +

    -r len

    +
    > allow more-specific routes with masklen starting with specified 
    +length.
    +
    +
  • +
  • +

    -R len
    +

    -

    disable pipelining.

    -
  • -
  • -X

    - +

    allow more-specific routes up to specified masklen too. +(Please, note: objects with prefix-length greater than specified length +will be always allowed.)

    + +
  • +
  • +

    -S sources

    -

    generate config for Cisco IOS XR devices (plain IOS by default).

    -
  • +

    use specified sources only (default: RADB,RIPE,APNIC).

    + + +
  • +

    -T
    +

    +
    +

    disable pipelining.

    +
    +
  • +
  • +

    -X
    +

    +
    +

    generate config for Cisco IOS XR devices (plain IOS by default).

    +
    +
- -

OBJECTS means networks (in prefix format), autonomous systems and as-macros.

- +

OBJECTS means networks (in prefix format), autonomous systems, as-sets +and route-sets.

EXAMPLES

-

Generating named Juniper prefix-filter for AS20597:

-
 user@host:~>bgpq3 -Jl eltel AS20597
  policy-options {
  replace:
@@ -157,10 +197,8 @@ RADB data.

} }
-

For Cisco we can use aggregation (-A) flag to make this prefix-filter more compact:

-
 user@host:~>bgpq3 -Al eltel AS20597
  no ip prefix-list eltel
  ip prefix-list eltel permit 81.9.0.0/20
@@ -175,54 +213,45 @@ more compact:

ip prefix-list eltel permit 89.112.64.0/19 ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20
-

and, as you see, prefixes 89.112.0.0/19 and 89.112.32.0/19 now aggregated into single entry

-
ip prefix-list eltel permit 89.112.0.0/18 ge 19 le 19.
 
-

Well, for Juniper we can generate even more interesting policy-statement, -using -M <extra match conditions>, -R <len> and hierarchical names:

- -
 user@host:~>bgpq3 -AJEl eltel/specifics -R 32 -M "community blackhole" AS20597
- policy-options {
-  policy-statement eltel {
-   term specifics {
- replace:
-    from {
-     community blackhole;
-     route-filter 81.9.0.0/20 upto /32;
-     route-filter 81.9.32.0/20 upto /32;
-     route-filter 81.9.96.0/20 upto /32;
-     route-filter 81.222.128.0/20 upto /32;
-     route-filter 81.222.192.0/18 upto /32;
-     route-filter 85.249.8.0/21 upto /32;
-     route-filter 85.249.224.0/19 upto /32;
-     route-filter 89.112.0.0/18 prefix-length-range /19-/32;
-     route-filter 89.112.64.0/19 upto /32;
-     route-filter 217.170.64.0/19 prefix-length-range /20-/32;
-    }
+using -M <extra match conditions>, -r <len>, -R <len> and hierarchical 
+names:

+
 user@host:~>bgpq3 -AJEl eltel/specifics -r 29 -R 32 -M "community blackhole" AS20597
+policy-options {
+ policy-statement eltel {
+  term specifics {
+replace:
+   from {
+    community blackhole;
+    route-filter 81.9.0.0/20 prefix-length-range /29-/32;
+    route-filter 81.9.32.0/20 prefix-length-range /29-/32;
+    route-filter 81.9.96.0/20 prefix-length-range /29-/32;
+    route-filter 81.222.128.0/20 prefix-length-range /29-/32;
+    route-filter 81.222.192.0/18 prefix-length-range /29-/32;
+    route-filter 85.249.8.0/21 prefix-length-range /29-/32;
+    route-filter 85.249.224.0/19 prefix-length-range /29-/32;
+    route-filter 89.112.0.0/17 prefix-length-range /29-/32;
+    route-filter 217.170.64.0/19 prefix-length-range /29-/32;
    }
   }
  }
+}
 
- -

generated policy-option term now allows all more-specific routes -for eltel networks if they marked with community 'blackhole' (defined -elsewhere in configuration).

- +

generated policy-option term now allows more-specific routes in range +/29 - /32 for eltel networks if they marked with community 'blackhole' +(defined elsewhere in configuration).

Of course, bgpq3 supports IPv6 (-6):

-
 user@host:~>bgpq3 -6l as-retn-6 AS-RETN6
  no ipv6 prefix-list as-retn-6
  ipv6 prefix-list as-retn-6 permit 2001:7fb:fe00::/48
  ipv6 prefix-list as-retn-6 permit 2001:7fb:fe01::/48
  [....]
 
-

and ASN32

-
 user@host:~>bgpq3 -J3f 112 AS-SPACENET
  policy-options {
  replace:
@@ -234,12 +263,9 @@ elsewhere in configuration).

} }
-

see AS196611 in the end of the list ? That's AS3.3 in 'asplain' notation.

-

If your router does not support ASN32 (yet) you should not use switch -3, and the result will be next:

-
 user@host:~>bgpq3 -f 112 AS-SPACENET
  no ip as-path access-list NN
  ip as-path access-list NN permit ^112( 112)*$
@@ -249,44 +275,31 @@ and the result will be next:

ip as-path access-list NN permit ^112( [0-9]+)* (25152|31529|34127|34906)$ ip as-path access-list NN permit ^112( [0-9]+)* (35052|41720|43628|44450)$
-

AS196611 is no more in the list, however, AS23456 (transition AS) would have been added to list if it were not present.

-

DIAGNOSTICS

-

When everything is OK, bgpq3 generates result to standard output and exits with status == 0. In case of errors they are printed to stderr and program exits with non-zero status.

-

NOTES ON ULTRA-LARGE PREFIX-LISTS

-

When using bgpq3 to expand extra-large AS-SETs, bgpq3 may stuck due to lacking tcp buffer size. To avoid this, tune your OS. FreeBSD can be tuned in the following way:

-
sysctl -w net.inet.tcp.sendbuf_max=16777216
 
-

Please note that generated prefix-lists may not fit your router's limitations. For example, JunOS supports only 85,325 prefixes in each prefix-list 4.

-

SEE ALSO

-
  1. Routing Arbiter
  2. draft-michaelson-4byte-as-representation-05.txt - for information on 'asdot' and 'asplain' notations.
  3. + for information on 'asdot' and 'asplain' notations.
  4. Cisco documentation - for information on Cisco implementation of ASN32.
  5. + for information on Cisco implementation of ASN32.
  6. JunOS prefix-lists limitation
-

AUTHOR

-

Alexandre Snarskii snar@snar.spb.ru

-

Program Homepage

- -

http://snar.spb.ru/prog/bgpq3/

+

http://snar.spb.ru/prog/bgpq3/

\ No newline at end of file diff --git a/bgpq3.spec b/bgpq3.spec index 406ae10..cb260e5 100644 --- a/bgpq3.spec +++ b/bgpq3.spec @@ -1,12 +1,12 @@ Name: bgpq3 -Version: 0.1.19 +Version: 0.1.21 Release: 0%{?dist} Group: System/Utilities Summary: Automate BGP filter generation based on routing database information URL: http://snar.spb.ru/prog/bgpq3/ License: BSD -Source0: http://snar.spb.ru/prog/bgpq3/bgpq3-0.1.19.tgz +Source0: http://snar.spb.ru/prog/bgpq3/bgpq3-0.1.21.tgz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %description @@ -35,6 +35,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Jun 5 2014 Alexandre Snarskii 0.1.21-0.snar +- Version updated + * Thu May 9 2013 Alexandre Snarskii 0.1.19-0.snar - Version updated diff --git a/configure b/configure index 5cc2828..ddc9263 100755 --- a/configure +++ b/configure @@ -586,6 +586,7 @@ PACKAGE_URL='' ac_subst_vars='LTLIBOBJS LIBOBJS +MARKDOWN INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM 
@@ -2756,6 +2757,50 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' +for ac_prog in markdown_py markdown2 markdown +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_MARKDOWN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MARKDOWN"; then + ac_cv_prog_MARKDOWN="$MARKDOWN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_MARKDOWN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +MARKDOWN=$ac_cv_prog_MARKDOWN +if test -n "$MARKDOWN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MARKDOWN" >&5 +$as_echo "$MARKDOWN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$MARKDOWN" && break +done +test -n "$MARKDOWN" || MARKDOWN="echo" + + for ac_func in strlcpy do : diff --git a/configure.in b/configure.in index 1301c6d..1453458 100644 --- a/configure.in +++ b/configure.in @@ -3,6 +3,8 @@ AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_PROG_INSTALL +AC_CHECK_PROGS([MARKDOWN], [markdown_py markdown2 markdown], [echo]) + AC_CHECK_FUNCS(strlcpy) AC_CHECK_LIB(socket,socket) diff --git a/readme.header b/readme.header new file mode 100644 index 0000000..472bbba --- /dev/null +++ b/readme.header @@ -0,0 +1,13 @@ + + +
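Review bot: The `[echo]` fallback in `AC_CHECK_PROGS([MARKDOWN], ...)` in configure.in makes a missing converter fail silently. `echo` ignores its stdin, so the Makefile.in recipe `cat readme.header README.md | @MARKDOWN@ > bgpq3.html` exits 0 and replaces the tracked bgpq3.html with a single blank line. A fallback that fails, `AC_CHECK_PROGS([MARKDOWN], [markdown_py markdown2 markdown], [false])`, combined with writing through a temporary file in the recipe, `cat readme.header README.md | @MARKDOWN@ > bgpq3.html.tmp && mv bgpq3.html.tmp bgpq3.html`, would stop the build and leave the existing page intact. The generated configure hunk carries the same default (`MARKDOWN="echo"`) and would need regenerating after the change.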